CVE-2006-4997

Name: CVE-2006-4997
Creator: NVD / NIST
Published: 2006-10-10T04:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 4.60%

Last modified Jun 16, 2026

CVE-2006-4997 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).. EPSS estimates a 4.60% chance of exploitation in the next 30 days.

Description

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

4.60%

90.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.18
Canonical	Ubuntu Linux	5.10
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	6.10
Redhat	Enterprise Linux	2.1
Redhat	Enterprise Linux	3
Redhat	Enterprise Linux	4

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265Exploit, Issue Tracking
http://secunia.com/advisories/22253Broken Link, Vendor Advisory
http://secunia.com/advisories/22279Broken Link, Patch, Vendor Advisory
http://secunia.com/advisories/22292Broken Link, Patch, Vendor Advisory
http://secunia.com/advisories/22497Broken Link
http://secunia.com/advisories/22762Broken Link
http://secunia.com/advisories/22945Broken Link
http://secunia.com/advisories/23064Broken Link
http://secunia.com/advisories/23370Broken Link
http://secunia.com/advisories/23384Broken Link
http://secunia.com/advisories/23395Broken Link
http://secunia.com/advisories/23474Broken Link
http://secunia.com/advisories/23752Broken Link
http://secunia.com/advisories/23788Broken Link
http://secunia.com/advisories/24288Broken Link
http://secunia.com/advisories/25691Broken Link
http://securitytracker.com/id?1017526Broken Link, Third Party Advisory, VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-249.htmThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-254.htmThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-078.htmThird Party Advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2006:197Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025Broken Link
http://www.novell.com/linux/security/advisories/2006_79_kernel.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2006-0689.htmlBroken Link, Patch
http://www.redhat.com/support/errata/RHSA-2006-0710.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0012.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0013.htmlBroken Link
http://www.securityfocus.com/archive/1/471457Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20363Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-395-1Third Party Advisory
http://www.us.debian.org/security/2006/dsa-1233Broken Link
http://www.us.debian.org/security/2006/dsa-1237Broken Link
http://www.vupen.com/english/advisories/2006/3937Broken Link
http://www.vupen.com/english/advisories/2006/3999Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/29387Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388Broken Link
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265Exploit, Issue Tracking
http://secunia.com/advisories/22253Broken Link, Vendor Advisory
http://secunia.com/advisories/22279Broken Link, Patch, Vendor Advisory
http://secunia.com/advisories/22292Broken Link, Patch, Vendor Advisory
http://secunia.com/advisories/22497Broken Link
http://secunia.com/advisories/22762Broken Link
http://secunia.com/advisories/22945Broken Link
http://secunia.com/advisories/23064Broken Link
http://secunia.com/advisories/23370Broken Link
http://secunia.com/advisories/23384Broken Link
http://secunia.com/advisories/23395Broken Link
http://secunia.com/advisories/23474Broken Link
http://secunia.com/advisories/23752Broken Link
http://secunia.com/advisories/23788Broken Link
http://secunia.com/advisories/24288Broken Link
http://secunia.com/advisories/25691Broken Link
http://securitytracker.com/id?1017526Broken Link, Third Party Advisory, VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-249.htmThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-254.htmThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-078.htmThird Party Advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2006:197Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025Broken Link
http://www.novell.com/linux/security/advisories/2006_79_kernel.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2006-0689.htmlBroken Link, Patch
http://www.redhat.com/support/errata/RHSA-2006-0710.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0012.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0013.htmlBroken Link
http://www.securityfocus.com/archive/1/471457Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20363Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-395-1Third Party Advisory
http://www.us.debian.org/security/2006/dsa-1233Broken Link
http://www.us.debian.org/security/2006/dsa-1237Broken Link
http://www.vupen.com/english/advisories/2006/3937Broken Link
http://www.vupen.com/english/advisories/2006/3999Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/29387Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388Broken Link

Timeline

Published: Oct 10, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-4997?

How severe is CVE-2006-4997?

CVE-2006-4997 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 4.60% probability of exploitation in the next 30 days.

How do I fix CVE-2006-4997?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-4997?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST